HAProxy community

HTTPS redirection not working

We are currently running HA-Proxy version 1.5-dev18 2013/04/03 as a reverse proxy for some websites and a VMware View environment.
The issue we are experiencing is that all our sites in the backend are HTTPS and even though we have an HTTP and HTTPS front end configured with http-request redirect scheme https code 301 if !{ ssl_fc } in the HTTP front end, when a user goes to http://site1.com they are not redirected to https://site1.com.

I believe it to be something to do with our HTTPS front end looking for the SNI, but I am more than likely wrong.

I have included the config to see if anyone can see anything obvious.

global
maxconn 4096
pidfile /var/run/haproxy.pid
log local0
log local1 notice
stats socket /var/run/haproxy.stat mode 600
user haproxy
group haproxy

defaults
# log local0 debug
# log local1
mode tcp
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
#stats enable
#stats auth admin:admin

userlist UsersFor_HAProxyStatistics
group admin users haproxy
user haproxy insecure-password
user stats insecure-password

listen stats *:1936
mode http
stats enable
#stats scope http
#stats scope www
#stats scope static
#stats scope static_httpclose
#stats realm Haproxy\ Statistics
stats uri /haproxy?stats
#stats auth haproxy:
stats refresh 20s
stats show-node
stats show-legends
acl AuthOkay_ReadOnly http_auth(UsersFor_HAProxyStatistics)
acl AuthOkay_Admin http_auth_group(UsersFor_HAProxyStatistics) admin
stats http-request auth realm HAProxy-Statistics unless AuthOkay_ReadOnly
stats admin if AuthOkay_Admin

frontend inbound-http *:80
mode http
http-request redirect scheme https code 301 if !{ ssl_fc }

frontend test :443
mode tcp
#log global

tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
use_backend 1_BE if { req_ssl_sni -i yourdomain.com }
use_backend 1_BE if { req_ssl_sni -i yourdomain1.com }
use_backend 2_BE if { req_ssl_sni -i yourdomain2.com }
use_backend 3_BE if { req_ssl_sni -i yourdomain3.com }
use_backend 4_BE if { req_ssl_sni -i yourdomain4.com }
use_backend 5_BE if { req_ssl_sni -i yourdomain5.com }
use_backend 6_BE if { req_ssl_sni -i yourdomain6.com }
use_backend 7_BE if { req_ssl_sni -i yourdomain7.com }
use_backend 7_BE if { req_ssl_sni -i yourdomain8.com }
use_backend 7_BE if { req_ssl_sni -i yourdomain9.com }
use_backend 7_BE if { req_ssl_sni -i yourdomain10.com }
use_backend 7_BE if { req_ssl_sni -i yourdomain11.com }
use_backend 7_BE if { req_ssl_sni -i yourdomain12.com }
use_backend 7_BE if { req_ssl_sni -i yourdomain13.com }
use_backend 7_BE if { req_ssl_sni -i yourdomain14.com }
use_backend 7_BE if { req_ssl_sni -i yourdomain15.com }
use_backend 7_BE if { req_ssl_sni -i yourdomain16.com }
use_backend 8_BE if { req_ssl_sni -i yourdomain17.com }
use_backend 9_BE if { req_ssl_sni -i yourdomain18.com }
use_backend 10_EX_BE if { req_ssl_sni -i yourdomain19.com }
default_backend 1_BE

backend 1_BE
mode tcp
option tcplog
option ssl-hello-chk #make sure we can talk SSL, not just TCP
balance source
server [serverName1] [serverip]:443 check id 1 inter 10s rise 5 fall 2
server [serverName2] [serverip]:443 check id 2 inter 10s rise 5 fall 2

backend 2_BE
#log global
server [serverName3] [serverip]:443

backend 9_BE
#log global
server [serverName4] [serverip]:443

backend 3_BE
#log global
server [serverName5] [serverip]:443

backend 4_BE
#log global
server [serverName6] [serverip]:443

backend 5_BE
#log global
server [serverName7] [serverip]:443

backend 6_BE
#Log global
server [serverName8] [serverip]:443

backend 7_BE
#Log global
server [serverName9] [serverip]:443

backend 8_BE
#log global
server [serverName10] [serverip]:443

backend 10_EX_BE
#log global
server [serverName11] [serverip]:443

Is it possible that due to the 443 frontend being in tcp mode it doesn’t work?
But there is an HTTP frontend on port 80.

Fixed it… it was our mistake.
We had not port forwarded port 80 to the HAProxy (Yeah I know!!!)

Thanks for reporting back, however please note that:

Is a development snapshot from 6 years ago that was never intended to be used for a production service.

I suggest you use stable and released versions instead.
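
A way to tell the two failure modes in this thread apart (port 80 never reaching the proxy versus the redirect rule not firing), as an added example that is not part of the original posts: it sends one plain-HTTP request with the site's Host header and classifies the answer. The function name check_https_redirect, the verdict labels and the local stub server are assumptions made for illustration; site1.com is the placeholder name used in the question.

```python
import http.client
import http.server
import socket
import threading
from urllib.parse import urlsplit

def check_https_redirect(site, connect_host=None, port=80, path="/", timeout=5):
    """Send one plain-HTTP request for `site` and classify the answer."""
    conn = http.client.HTTPConnection(connect_host or site, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": site})
        resp = conn.getresponse()
        status, location = resp.status, resp.getheader("Location", "")
    except (OSError, http.client.HTTPException) as exc:
        # Refused, filtered or timed out: nothing answered on this port
        return "unreachable", str(exc)
    finally:
        conn.close()
    if status not in (301, 302, 303, 307, 308):
        return "no-redirect", f"status {status}"
    target = urlsplit(location)
    if target.scheme != "https" or target.hostname != site.lower():
        return "wrong-target", location
    return "ok", f"{status} -> {location}"

class StubFrontend(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for the port-80 frontend: 301 to https://<Host><path>."""
    def do_GET(self):
        self.send_response(301)
        self.send_header("Location", f"https://{self.headers['Host']}{self.path}")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), StubFrontend)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    with socket.socket() as s:  # reserve, then release, a port nobody listens on
        s.bind(("127.0.0.1", 0))
        closed_port = s.getsockname()[1]
    reachable = check_https_redirect("site1.com", "127.0.0.1", server.server_address[1])
    blocked = check_https_redirect("site1.com", "127.0.0.1", closed_port, timeout=2)
    server.shutdown()
    server.server_close()
    return reachable, blocked

if __name__ == "__main__":
    print(demo())
```

Run against the public address from outside the network, an "unreachable" verdict points at forwarding or firewalling in front of the proxy rather than at the redirect rule itself.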